Systems and methods for managing resetting of user online identities or accounts

ABSTRACT

Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user&#39;s online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user&#39;s request; automatically verifying two or more values of the data intrinsic to the user&#39;s request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the benefit of priorityto U.S. patent application Ser. No. 16/167,119, filed on Oct. 22, 2018,which is a continuation of U.S. patent application Ser. No. 15/169,234,filed on May 31, 2016, now U.S. Pat. No. 10,142,302, issued Nov. 27,2018, which is a continuation of and claims the benefit of priority toU.S. application Ser. No. 14/013,972, filed on Aug. 29, 2013, now U.S.Pat. No. 9,386,011, issued Jul. 5, 2016, which are incorporated hereinby reference in their entireties.

TECHNICAL FIELD

Various embodiments of the present disclosure relate generally tomanaging online identities of users of Internet web pages. Morespecifically, exemplary embodiments of the present disclosure relate tosystems and methods for managing the resetting of online identities oraccounts of users of Internet web pages, based on data intrinsic to theusers' interaction with Internet web pages.

BACKGROUND

Online identity and password management has concerned online users andonline companies since the advent of the Internet. Users often find itdifficult to remember and keep track of different credentials or logins(e.g., usernames and/or passwords) for their various online accounts andmay either forget this login information or provide incorrect logininformation. As a result, many users use the same password for manydifferent websites or have to reset their login information. This hasled to an increase in unauthorized users and/or entities attempting toaccess user accounts by attempting to reset user login information.

For example, the use of passwords and existing account reset techniqueshas been abused by malicious entities seeking to gain unauthorizedaccess to users' accounts in order to perform various malicious tasks.For example, the malicious entities may exploit an online serviceprovider's willingness to reset an account or password in order to gainaccess to a user's account for the purpose of obtaining contact lists,active e-mail addresses, personal information, etc. Alternatively oradditionally, malicious entities may exploit an online serviceprovider's willingness to reset an account or password in order toobtain access to the user's e-mail account in order to send e-mails,such as SPAM, phishing scams or requests, or other types of fraudulent,abusive, and/or burdensome messages.

One attempt to mitigate the disadvantages of traditional passwordsinvolves the use of so-called “two-step verification,” which leveragesthe use of some physical key carried by a user. For example, many knownmethods involve the use of a pocket-sized authentication token which iscarried by the user and displays a changing passcode on an LCD or e-inkdisplay, which must be typed in at an authentication screen. The numberis typically derived from a shared secret by a cryptographic processthat makes it infeasible to work out the secret from the sequence ofnumbers, e.g., using a hash or other cryptography combined with achallenge. The same process repeated on the authentication server willyield the same result if the correct secret was used. Another techniquefor two-step authentication involves receiving a username and passwordfrom a user, and then sending, e.g., by SMS, a unique code to the userthrough a linked device, such as a mobile phone. The user receives theunique code at the mobile phone, and types it into the website to provethat the user has possession of the device, and is therefore likely theuser associated with the previously input credentials.

Unfortunately, many people have not yet implemented two-stepverification or other password improvements to their online accounts.This is especially true of people who opened online accounts arelatively long time ago, such as 5-10 years ago, or before certainother password or user verification techniques were implemented. Tothwart this vulnerability, many online websites have increased therequirements associated with resetting accounts or passwords, byrequiring all users attempting to reset login information to eithersubmit substantial additional user data or call the online company andspeak to a representative to attempt to prove their identity to gainaccess to their online account. However, these methods make it moredifficult for even legitimate users to reset and access their accountsand it does not differentiate between users of different levels oftrustworthiness. For many people, an online company would have to resortto the undesirable options of either allowing each user to reset apassword with minimal verification that they are whom they say they are,or have to prevent the user from resetting a password, and insteadinsist on the undesirable workaround that the user abandon that accountand open a new account.

Accordingly, a need exists for systems and methods for managing theresetting of online identities or accounts of users of Internet webpages, based on data intrinsic to the users' interaction with Internetweb pages.

SUMMARY OF THE DISCLOSURE

According to certain embodiments, systems and methods are disclosed formanaging the resetting of online identities or accounts of users ofInternet web pages. One method includes: receiving, through anelectronic device, a request to reset login information to access a webpage associated with the user's online account; determining that an IPaddress associated with the request is not identified as beingsuspicious; receiving user data intrinsic to the user's request;automatically verifying two or more values of the data intrinsic to theuser's request as being indicative of a level of trust of the identityof the user; and transmitting, to the user over the Internet, a subsetof options to reset the login information, the subset being selectedbased on the level of trust.

According to certain embodiments, methods are disclosed forauthenticating an identity of an online user. One method includesreceiving, through an electronic device, a request to reset logininformation to access a web page associated with the user's onlineaccount; determining that the online address of the electronic device istrusted; receiving user data intrinsic to the user's request; verifyinga trusted pair of the data intrinsic to the user's request;authenticating the identity of the user; and transmitting to the useroptions to reset the login information.

The method may include any one of or a combination of the followingsteps and/or features: the login information may be least one of theuser's user identifier or password, the step of determining that theonline address of the electronic device is trusted may include comparingthe online address to a database of known aberrant online addresses, thestep of determining that the online address of the electronic device istrusted may further include determining if other reset requests havebeen received from the online address within a preset amount of time,the data intrinsic to the user's request may be selected from the groupconsisting of: IP address, username, time of the request, frequency ofthe request, browser type, age of account, cookies, and device fingerprint, the step of verifying a trusted pair of the data intrinsic to theuser's request may include any pair of the group consisting of time ofthe request, frequency of the request, browser type, age of account,cookies, and device finger print.

According to certain embodiments, systems are disclosed forauthenticating an identity of an online user. One system includes a datastorage device storing instructions for authenticating an identity of anonline user; and a processor configured to execute the instructions toperform a method including: receiving, through an electronic device, arequest to reset login information to access a web page associated withthe user's online account; determining that the online address of theelectronic device is trusted; receiving user data intrinsic to theuser's request; verifying a trusted pair of the data intrinsic to theuser's request; authenticating the identity of the user; andtransmitting to the user options to reset the login information.

According to certain embodiments, a computer-readable medium isdisclosed that, when executed by a computer system, causes the computersystem to perform a method for authenticating an identity of an onlineuser, the method including: receiving, through an electronic device, arequest to reset login information to access a web page associated withthe user's online account; determining that the online address of theelectronic device is trusted; receiving user data intrinsic to theuser's request; verifying a trusted pair of the data intrinsic to theuser's request; authenticating the identity of the user; andtransmitting to the user options to reset the login information.

Additional objects and advantages of the disclosed embodiments will beset forth in part in the description that follows, and in part will beapparent from the description, or may be learned by practice of thedisclosed embodiments. The objects and advantages of the disclosedembodiments will be realized and attained by means of the elements andcombinations particularly pointed out in the appended claims.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the disclosed embodiments, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate various exemplary embodiments andtogether with the description, serve to explain the principles of thedisclosed embodiments.

FIG. 1 is an illustration of a user attempting to reset logininformation through a web page, according to an exemplary embodiment ofthe present disclosure;

FIG. 2 is a flow diagram of methods for receiving user online data andauthenticating the identity of the user, according to exemplaryembodiments of the present disclosure;

FIG. 3 is a flow diagram of methods for resetting users' online logininformation using data intrinsic to a user interaction with a web page,according to exemplary embodiments of the present disclosure;

FIG. 4 is a schematic diagram of sources of additional data intrinsic toa user interaction with a web page, for evaluating user identities andretrieving limited or full password reset options, according toexemplary embodiments of the present disclosure;

FIG. 5 is a block diagram of a communications system configured toretrieve and present users with limited or full reset options, accordingto exemplary embodiments of the present disclosure; and

FIG. 6 is a simplified functional block diagram of a computer configuredas a host server, for example, to function as a reset server, accordingto exemplary embodiments of the present disclosure.

DESCRIPTION OF THE EMBODIMENTS

Reference will now be made in detail to the exemplary embodiments of thedisclosure, examples of which are illustrated in the accompanyingdrawings. Wherever possible, the same reference numbers will be usedthroughout the drawings to refer to the same or like parts.

The present disclosure describes method and systems of using dataintrinsic to a user's interaction with a web page to validate the user'sidentity. Specifically, the present disclosure describes methods andsystems for using data intrinsic to a user's interaction with a web pageto control how a user may reset his or her online login information andaccess an online account. As described above, each time an onlineservice provider receives a request to reset an account or passwordassociated with a particular username, there is some likelihood that therequest was generated by the person associated with the username, butthere is also some likelihood that the request was generated by amalicious entity, whether a person, company, or machine (e.g., a serveror “bot”). The present disclosure is directed to evaluating, over time,activity and information obtained from a user's or device's interactionwith one or more servers of the online service provider, to determinetrustworthiness levels associated with the interaction, and toaccordingly modify the options available for resetting the respectiveaccount and/or password. Embodiments of the present disclosure will nowbe described with respect to FIGS. 1-6.

FIG. 1 is an illustration of an exemplary environment 100 in which auser may be attempting to reset a username and password through a webpage 115 using an electronic device 110, according to an exemplaryembodiment of the present disclosure. As shown in FIG. 1, a user 105 mayvisit the website or web page 115, which requires a user to gain accessto an online account by logging in by electronically, and submittingunique login information previously generated by the provider of theonline account or previously created and submitted by the user. Thelogin information may include any unique identifier (e.g. a username,email address, account number, etc.) and a password and/or pin. Forexample, as shown in FIG. 1, the login screen of the web page 115 mayinclude prompts for the user to submit a username 120 and password 125,and also may include a user element or link 130 enabling the user torequest to reset the username and/or password by having his or heridentity validated or authenticated, before gaining access.

Examples of types of user online accounts may include online portals,e-mail services, e-commerce sites, banking sites, financial sites,document management sites, electronic research sites, content sites, orany other website involving a user logging-in. The electronic device 110may be any device connected to the Internet or any other network thatmay enable communication of data between the device 110 and a server ofthe online account. For example, the electronic device 110 may be auser's personal computer (PC), whether desktop or laptop, a tabletdevice, a mobile device, a home- or vehicle-installed computer, or anyother type of computing device. Moreover, in certain embodiments, theelectronic device 110 may be a server or any other type of automatedcomputing machine implemented by a malicious entity, such as a spammeror hacker.

The username 120 may be any unique string of characters provided by theuser to the online account server and approved by the online accountduring initial setup of the online account, or may be automaticallycreated by the online account and provided to the user. The onlineaccount may verify that the username 120 is unique to the user such thatno other user has the same username 120. For example, if during initialsetup of the online account, the user selects a username that is alreadybeing used by a current user of the online account, the online accountmay prompt the user to select a different username, or may providesuggestions of available unique usernames. In addition, the password 125may be any string of characters provided by the user to the onlineaccount and approved by the online account either during initial setupof the online account or at any time after the initial online accountsetup. The online account may provide password requirements to the userto ensure that the password is secure. For example, the online accountmay require that a password be at least eight characters in length andinclude a symbol, a number, and a letter.

The reset user element or link 130 may be any selectable icon on theonline account web page 115 that the user may select in order to requestto reset the user's username 120 and/or password 125. The reset userelement or link 130 may appear on the web page 115 having the promptsfor and/or forms into which a user may enter the requested/requiredusername 120 and password 125, or the reset user element or link 130 maybe provided on a different but related web page. The reset user elementor link 130 may be automatically, electronically displayed by the onlineaccount at any time during the user's attempt to login. For example, thereset user element or link 130 may only be displayed after the failedattempt to login, such as after the user provides an incorrect username120 and/or password 125. Alternatively, the user may request a resetwithout any attempt of providing login and/or password information. Forexample, if the user does not remember either of the username and/orpassword, the user may request to reset his or her username and/orpassword without even attempting to enter those credentials.

FIG. 2 shows a flow diagram 200 of methods of electronically receivingand evaluating user online information for use in authenticating theidentity of the user, and in managing the user's password/account resetoptions. The method 200 may be implemented prior to the user submittingany login information or requesting a password or account reset. Themethod 200 may be implemented any time the user navigates to the onlineaccount web page or a web page associated with the online account webpage, and may be used to receive data that may later be used inevaluating reset options, for example, via a method 300 shown in FIG. 3.In other words, if a provider of the user's username and password is ane-mail provider that maintains other websites, and/or that tracks auser's web browsing activity (e.g., using a toolbar or third partycookies), that provider may monitor a user's activity and logincredentials even before a user requests to reset a password or otherlogin credentials. As a result, the provider may receive or otherwisegenerate and store information that can be evaluated and analyzed todetermine whether and how to reset a user's password, if and when theuser requests to reset the password.

In one embodiment, method 200 may include electronically receiving,e.g., over the Internet or other network, a user's online activity data(step 205), such as upon the user's online navigation to or interactionwith an online account web page. As described above, the online data maybe received upon the user's navigation to or interaction with the onlineaccount web page (e.g., where the user normally logs-in using usernameand password entries), or upon the user's navigation to or interactionwith any another web page that the provider can track using a toolbar,cookies, pixel tags, or any other known means. The user's onlineactivity data may include one or more of: an IP address, deviceinformation, browsing history (URLs, domains, etc.), click history, useridentity, screenname logins, etc. Method 200 may then include performingone or more of user profiling (step 210), IP address profiling (step215), and browser profiling (step 220). The profiling steps 210, 215,and 220 may be accomplished by electronically processing the online userdata received at step 205 and electronically, automatically comparingthe data, including the user's identifying information, IP address, andbrowser to databases of authenticated user information, and knownaberrant user data.

The method also may include a step 230 of identifying the IP addressreceived as part of the user online activity data at step 205 andcomparing the IP address with a database of known suspicious IPaddresses. For example, the IP address of the electronic device used tomake the request may be compared to database(s) of IP addresses known tobelong to one or more aberrant or malicious entities. The database maybe saved in memory of the service provider's server or may be saved inmemory on a different server accessible by the server via the network.The database may include IP addresses and aberrant or malicious entitiesassociated with the IP addresses. As described above, an aberrant ormalicious entity may be any entity, such as known spammers or hackers,that is not the user and that may have attempted to access other useraccounts. In one example, a suspicious IP address may be identified byretrieving the number of unassociated screen names for which a resetprocedures was initiated from an IP address within a predeterminedlength of time (e.g. 1 hour, 2 hours, 4 hours, 8 hours, etc.)Furthermore, according to this example, the following factors may beevaluated: the number of unassociated screen names identified andconsidered fraudulent based on prior activity, the number of screennames that were in a compromised state and from which a reset attemptwould be expected, and/or the number of active users such that therewould be any likelihood that a legitimate reset may be requested. Inanother example, the number of unassociated screen names failingpasswords at login from a particular IP address may be tracked.According to this example, this may be determined by the number of namesconsidered fraudulent based on prior activity, the number of names in acompromised state such that there would be an expectation for a resetrequest, and the number of active users such that there may be alikelihood that a legitimate reset request may be made. In addition, theIP address may be compared to IP addresses from which attemptedtransmissions of spam and/or fraudulent registrations were sent.

In one embodiment, method 200 may include performing user profiling(step 210) by comparing a user, e.g., through a user ID to informationknown about various users, and determining whether or not to provide theuser with password reset options, such as based on whether the user isdetermined to be a malicious user, such as a spammer. For example, ifthe user or an ID associated with the user has been involved in pastinteractions determined to be associated with hacking, spamming, usingabusive browser footprints, or otherwise involved in unauthorizedaccess, then method 200 may include profiling the user as an untrusteduser.

Method 200 may include performing IP address profiling (step 215), suchas by identifying IP addresses that have been associated with a numberof users over a threshold number of users, or IP addresses that havebeen associated with the use of an abusive browser footprint. In otherwords, step 215 of method 200 may operate on assumptions that IPaddresses associated with only, for example, up to 8 or 10 electronicdevices, device IDs, or unique user IDs, is unlikely to be used by aspammer, whereas IP addresses associated with tens or even hundreds ofelectronic devices, device IDs, or unique user IDs is likely to be usedby a spammer. Thus, the server may determine whether an IP address islikely associated with a public portal or unsecure network connection inany suitable manner. For example, the server may calculate the number ofdifferent devices attempting to access any of the server's web pagesfrom the same IP address within a pre-determined time period and, if thenumber is above a predetermined threshold, then it may be determinedthat the IP address is a public portal, and the IP address may be savedin a database of known public portals. The IP address may also, oralternatively, be examined to determine if the IP address is regularlyused by the user, and/or if it is associated with a public portal orunsecure network connection, and if so, may determine that the IPaddress is suspicious.

Method 200 may include performing browser profiling (step 220) bydetermining whether the person is using a browser that appears to havean abusive browser fingerprint. For example, if a reset request isreceived in relation to a standard browser associated with a singledevice or IP address, the browser may be flagged as likely associatedwith a trusted user. However, if a reset request is received in relationto what appears to be a bot, a spoofed desktop session, aforeign-originated browser, a cloud-based browsing session, or any othersuspicious activity, then the browser may be flagged as likelyassociated with an untrusted user.

The method 200 may subsequently include a step of automatically,electronically identifying trusted pairs of users and browsers and/or IPaddresses (step 225). Step 225 of method 200 may include identifying twoor more verified data values related to a user's identity, browser,and/or IP address. For example, if the electronic processing of theprofiling steps (210, 215 and 220) results in verifying the user's IPaddress as an IP address that the user has successfully logged in fromin the past and the browser is the same as the browser that the user haspreviously used, and has cookies with user identifying information(e.g., user mailing address or email address), then these verified userdata values may be identified as trusted pairs at step 225. Of course,as will be described in more detail below with respect to FIG. 3, anycombination of verified data values may be combined and evaluated toplace users into any desired category of trustworthiness. For example,different user, IP address, and browser characteristics may carrydifferent weights toward or against characterization as being part of atrusted or untrusted pair. In another example, a user may be associatedwith a generally established geographic region from which he/she mayconsistently or often authenticate. Within that geographic region, themethod may determine a /24 area of IPv4 space (i.e., a 24 bit space)that the user has used during a predetermined period of time (e.g., 5days out of 60 days). If none of the uses of that /24 space were deemedsuspicious, (e.g., that /24 space was not used by more than 7 otherusers in the last 60 days), then the user may be deemed trustworthy. Inanother example, a user may be associated with a generally establishedgeographic region from which he/she may consistently authenticate.Within that geographic region, a device fingerprint may be determinedwhich the user may have used for a predetermined period of time (e.g., 5days out of the last 60 days), and if none of the uses of that devicefingerprint were deemed suspicious (e.g., the device fingerprint was notused by more than 7 users in the last 60 days), then the user may bedeemed trustworthy.

FIG. 3 is a flow diagram of an exemplary method 300 for validating auser's identity using data intrinsic to a user's interaction with a webpage and providing (i) no reset options, (ii) limited reset options, or(iii) full reset options, according to an exemplary embodiment of thepresent disclosure. In one embodiment, method 300 may involve receiving,from a user, via an electronic device, a request to reset account logininformation (e.g., name and/or password) (step 310). The request may besent via a network, such as the Internet and received by a server, suchas an online account server or any other server described with respectto FIG. 4. The server may automatically electronically process therequest, using a processer, by retrieving intrinsic user information inthe request. Such intrinsic user information may include any informationregarding the IP address of the user, any cookies, browser information,browser history, open and active accounts on the same electronic device,any information about the electronic device, any recent or past loginattempt information, any concurrent login sessions on other devices,etc.

For example, the server may retrieve information regarding the IPaddress of the electronic device used to make the request, and at step320, the server may determine whether the IP address was previouslydetermined to be suspicious. As described above with respect to FIG. 2,the server may determine that an IP address is suspicious based on anyalgorithm, formula, comparison to a database of known aberrant IPaddresses or any other suitable method.

If it is determined, at step 320, that the IP address is suspicious, theuser may be prompted to call a representative of the online accountprovider (step 330), or to otherwise verify the identity of the user ina manner that is not over a network (e.g. in person or over thetelephone). For example, the server may display on the account web pagea toll-free number or other phone number and prompt the user to callthat number. In one embodiment, the server may prompt the user to callthat number from the phone number with which the user registered theonline account. When the user calls the displayed phone number, the usermay be questioned or tested to determine whether the user has providedenough personal or identifying information to achieve a predeterminedconfidence level that the person is who they say they are.

If it is determined at step 320 that the user IP address is notsuspicious (step 320, “NO”), then the server may automatically andelectronically determine whether additional intrinsic user data isavailable (step 340). Additional intrinsic user data may include anydata that may verify or increase the probability that the reset requestis from the user and not another entity. For example, additionalintrinsic user data may be obtained by retrieving user informationpreviously obtained at a time when the user successfully accessed theonline account and/or navigated to the online account web page, as shownin FIG. 2. If additional user intrinsic information is eitherunavailable or is not verified (step 340, NO), then the server mayretrieve and present the user with limited reset options (step 350). Inone embodiment, the limited reset options may include reset mechanismsthat involve a user's access to a physical device, such as a cell phone,or to another account or number associated with the account beforeinitiation of the password reset sequence. For example, in oneembodiment, the user may be provided with the limited options to reset apassword by receiving a code at a mobile phone linked to the account,receiving a code at an e-mail address associated with another account,and/or entering a credit card associated with the account.

In one embodiment, the limited reset options provided at step 350 mayrequire the input of any combination of secondary unique userinformation that is not intrinsic and not automatically retrievable fromthe user's online interaction with the online account web page and/orreset via external verification of the user's identity. Such limitedreset options may require a higher level of verification and may requiremore than one verification step from the user. Examples of suchsecondary unique information may include the user's credit cardinformation. Examples of external verification of the user's identitymay include login information sent to a previously submitted emailaddress, an SMS verification code sent to a previously submitted mobilenumber, or any other reset option having a high level of security.

If, at step 340, it is determined that additional matching intrinsicdata is available, then method 300 may further include evaluating theavailable intrinsic data for matching pairs indicative of valid use, todetermine which of the full reset options to present to a user. In oneembodiment, the server may automatically compare past login informationof a user with the reset request in order to verify the identity of theuser and determine that the user should receive a full list of resetoptions, e.g., if two or more values of intrinsic user data are verifiedand match. Examples of such additional user data may include: the timethe request is made, the frequency with which the user previouslyaccesses the account, the similarity of any incorrect login informationrecently provided, the profile of the user, the type or browser used tomake the request whether or not a mobile device (e.g. mobileapplication) is already logged into the account, whether or not a screenname for an associated accounted is active or recently active, the ageof the account, whether there is a threshold amount of history for auser to indicate likely login location(s), the duration of the loginattempt, active related screen names, saved cookies, the devicefingerprint, and/or any other suitable data.

The server may determine that two or more verified additional intrinsicuser data values may result in a full set of reset options for the userto choose from to reset the user account (step 360). The user may theninput, using the electronic device, account login reset data (step 370)and the server may receive the reset data via the network and processthe data update the user account an reset the account (step 380). Themethod may also include a step of receiving additional user data fromthe user (step 380), which may be later used by the server toautomatically verify the user's identity.

The full range of reset options may include the limited reset options aswell as options having a lower level of security. For example, input ofan answer to a secret question, the answer to which was previouslysubmitted, etc., and/or directly allowing the user to reset username andpassword.

FIG. 4 shows a schematic diagram 400 of sources of additional intrinsicuser data, and methods of evaluating whether a pair or more ofverifiable additional intrinsic data points is available. As shown inFIG. 4, examples of intrinsic user data 410 may include the time therequest is made, the frequency with which the user previously accessesthe account, the similarity of any incorrect login information recentlyprovided, the profile of the user, the type of browser used to make therequest, whether or not a mobile device (e.g. mobile application) isalready logged into the account, whether or not a screen name for anassociated accounted is active or recently active, the age of theaccount, whether there is a threshold amount of history for a user toindicate likely login location(s), the duration of the login attempt,active related screen names, saved cookies, the device fingerprint,and/or any other suitable data. For example, if the user has previouslylogged into the account from the IP addresses on a certain number ofdistinct days, then the user and IP address may be defined as a trustedpair of user intrinsic data.

The online account server may automatically, electronically retrievepast login data for the user and compare such data to the reset request.The online account server may compare the time of the reset request withany pattern of user login times, if available. For example, if theonline account server determines, based on an analysis of the user'spast login history, that the user usually logs into the online accounton certain days and/or a within certain time range (e.g., Monday-Friday9 a.m. to 4 p.m.) and the reset request is received at a time outsidethe range (e.g., Sunday at 3 a.m.), the server may determine that theuser identity cannot be verified based on time. In another example, ifthe user has not logged in for a certain threshold time (e.g., the useris an infrequent user or has not logged in within some predeterminedperiod of time), then the server may determine the user cannot beverified based on frequency.

The server may retrieve any saved user data on past incorrect logininformation inputted by the user, and compare and analyze it with anyincorrect login information immediately preceding the reset request, todetermine if the user may be providing login information that is thesame as any incorrect login information recently provided. For example,if a user uses a first login and/or password for a different account andhas in the past attempted to access the present account using that firstlogin and/or password, then the server may conclude the authenticity ofanother occurrence of the user inputting the first login and/or passwordimmediately prior to requesting reset of the account. The authenticityof another or prior login may be stored as a verified additionalintrinsic user data value.

The server may also analyze the profile of the user to determine thelikelihood that an entity other than the actual user may have requesteda password/account reset. For example, if the user is a well-knownperson (e.g., a celebrity or politician), or any other entity likely tobe targeted by malicious or aberrant entities, then the server mayperform a higher level of scrutiny or evaluation of useridentity/authenticity. The server may also analyze the type of browserused to make the reset request to determine if the user has used thesame browser in the past or if the browser if a type known to be used toaberrant entities. The server also may automatically check if the useris already logged into the account using a mobile device (e.g., via amobile application) and determine that if the user is already logged inusing a mobile device, then the request attempt may not be verified. Theage of the account may also be checked, and any cookies with informationverifying the identity of the user also may be checked. In addition, anydevice fingerprints (e.g., device operating system, privacy settings,etc.) also may be used to verify the identity of the user.

Thus, the system may automatically, electronically determine if anyscreen name for an associated account is logged in from the same IPaddress and/or electronic device. For example, when a request is made toreset the login information of an online account, the system mayautomatically check to see if the user of the online account has anyassociated screen names, e.g., instant messaging screen names associatedwith the account, and if any associated screen names are logged on andactive (e.g. not idle). If the system determines that an associatedscreen name is active from the same IP address and/or computer as thereset request, then the system may determine the reset request ispartially validated. In another example, screen names of related usersmay also be used to verify an online account reset request. For example,when a request is made to reset the login information of an onlineaccount, the system may automatically check to see if the user of theonline account has any related screen names, e.g., instant messagingscreen names of related online accounts, and if any related screen namesare logged on and active (e.g., not idle). If the system determines thata related screen name is active from the same IP address and/or computeras the reset request, then the system may determine the reset request ispartially validated. The system also may automatically determine if thereset request is similar to any other historical login data for theuser. For example, in addition to time, IP address, and/or computerfinger print, the system may also determine other user historical data,such as which website the user navigates from prior to the resetrequest, etc. In addition, the system may automatically check theduration of the user's state, e.g., the duration of the reset requestattempt.

Any two or more matches of the verified additional intrinsic user datamay be used to verify the identity of the user and may constitute atrusted pair (step 420) and the user may be presented with all of thereset options at step 430.

FIG. 5 is a block diagram of an environment and system for performingonline authentication using imaging techniques, according to anexemplary embodiment of the present disclosure. Specifically, FIG. 5illustrates an exemplary environment 500 including a plurality of userelectronic devices 520, such as mobile device 525, computers 530, 535,and electronic kiosks 540. Each of the electronic device 520 and one ormore servers 550, such as accounts server 555, transactions server 560,and external server 565 via an electronic network 510, may be incommunication with each other via an electronic network 510, such as theInternet.

Other embodiments of the disclosure will be apparent to those skilled inthe art from consideration of the specification and practice of theinvention disclosed herein. It is intended that the specification andexamples be considered as exemplary only, with a true scope and spiritof the invention being indicated by the following claims.

FIG. 6 provides a functional block diagram illustration of generalpurpose computer hardware platforms. FIG. 6 illustrates a network orhost computer platform 600, as may typically be used to implement aserver, such as the accounts server 555, the transactions server 560,and/or the external server 565. It is believed that those skilled in theart are familiar with the structure, programming, and general operationof such computer equipment and as a result the drawings should beself-explanatory.

A platform for a server or the like 600, for example, may include a datacommunication interface for packet data communication 660. The platformmay also include a central processing unit (CPU) 620, in the form of oneor more processors, for executing program instructions. The platformtypically includes an internal communication bus 610, program storage,and data storage for various data files to be processed and/orcommunicated by the platform such as ROM 630 and RAM 640, although theserver 600 often receives programming and data via networkcommunications 670. The hardware elements, operating systems, andprogramming languages of such equipment are conventional in nature, andit is presumed that those skilled in the art are adequately familiartherewith. The server 600 also may include input and output ports 650 toconnect with input and output devices such as keyboards, mice,touchscreens, monitors, displays, etc. Of course, the various serverfunctions may be implemented in a distributed fashion on a number ofsimilar platforms, to distribute the processing load. Alternatively, theservers may be implemented by appropriate programming of one computerhardware platform.

Program aspects of the technology may be thought of as “products” or“articles of manufacture” typically in the form of executable codeand/or associated data that is carried on or embodied in a type ofmachine readable medium. “Storage” type media include any or all of thetangible memory of the computers, processors or the like, or associatedmodules thereof, such as various semiconductor memories, tape drives,disk drives and the like, which may provide non-transitory storage atany time for the software programming. All or portions of the softwaremay at times be communicated through the Internet or various othertelecommunication networks. Such communications, for example, may enableloading of the software from one computer or processor into another, forexample, from a management server or host computer of the mobilecommunication network into the computer platform of a server and/or froma server to the mobile device. Thus, another type of media that may bearthe software elements includes optical, electrical and electromagneticwaves, such as used across physical interfaces between local devices,through wired and optical landline networks and over various air-links.The physical elements that carry such waves, such as wired or wirelesslinks, optical links, or the like, also may be considered as mediabearing the software. As used herein, unless restricted tonon-transitory, tangible “storage” media, terms such as computer ormachine “readable medium” refer to any medium that participates inproviding instructions to a processor for execution.

The many features and advantages of the disclosure are apparent from thedetailed specification, and thus, it is intended by the appended claimsto cover all such features and advantages of the disclosure which fallwithin the true spirit and scope of the disclosure. Further, sincenumerous modifications and variations will readily occur to thoseskilled in the art, it is not desired to limit the disclosure to theexact construction and operation illustrated and described, andaccordingly, all suitable modifications and equivalents may be resortedto, falling within the scope of the disclosure.

What is claimed is:
 1. A computer-implemented method for managingresetting of user accounts, the method comprising: receiving, over anetwork, a request to reset login information to access an onlineaccount of a user; comparing, at an online account server, a time of therequest to reset login information to a preset time or amount of time;receiving, over the network, intrinsic user data associated with therequest to reset login information, wherein the intrinsic user dataincludes a threshold amount of history for an IP address associated withthe request; evaluating, at the online account server, based on theintrinsic user data, whether a screen name associated with a relatedonline account of the user is currently logged in from the IP addressassociated with the request; and upon determining that the associatedscreen name is logged in, transmitting, over the network, a subset ofoptions to reset the login information based on the evaluated intrinsicuser data.
 2. The method of claim 1, further comprising: determiningwhether one or more unauthenticated reset requests have been receivedfrom the IP address associated with the request; and determining whetherthe IP address associated with the request is not identified as beingsuspicious based on the determination of whether one or moreunauthenticated reset requests have been received from the IP addressand the comparison of the time the request to reset login informationwas received to the preset amount of time.
 3. The method of claim 1,wherein the login information is at least one of a user identifier ofthe user or a password of the user.
 4. The method of claim 2, whereindetermining that the IP address associated with the request is notidentified as being suspicious further comprises comparing the IPaddress to a database of IP addresses known to be associated withmalicious or aberrant entities.
 5. The method of claim 1, wherein theintrinsic user data includes one or more of a username associated withthe online account, a type of browser used to make the request, an ageof the online account, and one or more cookies.
 6. The method of claim1, further comprising evaluating, based on the intrinsic user data, atleast two of a time of the request, a frequency of the request, a typeof browser used to make the request, an age of account, one or morecookies, and a device finger print.
 7. A system for managing resettingof online identities or accounts of users, the system including: a datastorage device storing instructions for managing resetting of onlineidentities or accounts of users; and a processor configured to executethe instructions to perform a method including: receiving, over anetwork, a request to reset login information to access an onlineaccount of a user; comparing, at an online account server, a time of therequest to reset login information to a preset time or amount of time;receiving, over the network, intrinsic user data associated with therequest to reset login information, wherein the intrinsic user dataincludes a threshold amount of history for an IP address associated withthe request; evaluating, at the online account server, based on theintrinsic user data, whether a screen name associated with a relatedonline account of the user is currently logged in from the IP addressassociated with the request; and upon determining that the associatedscreen name is logged in, transmitting, over the network, a subset ofoptions to reset the login information based on the evaluated intrinsicuser data.
 8. The system of claim 7, wherein the processor is furtherconfigured to execute the instructions to perform the method including:determining whether one or more unauthenticated reset requests have beenreceived from the IP address associated with the request; anddetermining whether the IP address associated with the request is notidentified as being suspicious based on the determination of whether oneor more unauthenticated reset requests have been received from the IPaddress and the comparison of the time the request to reset logininformation was received to the preset amount of time.
 9. The system ofclaim 7, wherein the login information is at least one of a useridentifier of the user or a password of the user.
 10. The system ofclaim 8, wherein determining that the IP address associated with therequest is not identified as being suspicious further comprisescomparing the IP address to a database of IP addresses known to beassociated with malicious or aberrant entities.
 11. The system of claim7, further wherein the intrinsic user data includes one or more of ausername associated with the online account, a type of browser used tomake the request, an age of the online account, and one or more cookies.12. The system of claim 7, wherein the processor is further configuredto execute the instructions to perform the method including evaluating,based on the intrinsic user data, at least two of a time of the request,a frequency of the request, a type of browser used to make the request,an age of account, one or more cookies, and a device finger print.
 13. Anon-transitory computer-readable medium storing executable instructionsthat, when executed by a computer system, cause the computer system toperform a method for managing resetting of online identities or accountsof users, the method including: receiving, over a network, a request toreset login information to access an online account of a user;comparing, at an online account server, a time of the request to resetlogin information to a preset time or amount of time; receiving, overthe network, intrinsic user data associated with the request to resetlogin information, wherein the intrinsic user data includes a thresholdamount of history for an IP address associated with the request;evaluating, at the online account server, based on the intrinsic userdata, whether a screen name associated with a related online account ofthe user is currently logged in from the IP address associated with therequest; and upon determining that the associated screen name is loggedin, transmitting, over the network, a subset of options to reset thelogin information based on the evaluated intrinsic user data.
 14. Thecomputer-readable medium of claim 13, wherein the instructions, whenexecuted by the computer system, further cause the computer system toperform the method including: determining whether one or moreunauthenticated reset requests have been received from the IP addressassociated with the request; and determining whether the IP addressassociated with the request is not identified as being suspicious basedon the determination of whether one or more unauthenticated resetrequests have been received from the IP address and the comparison ofthe time the request to reset login information was received to thepreset amount of time.
 15. The computer-readable medium of claim 13,wherein the login information is at least one of a user identifier ofthe user or a password of the user.
 16. The computer-readable medium ofclaim 14, wherein determining that the IP address associated with therequest is not identified as being suspicious further comprisescomparing the IP address to a database of IP addresses known to beassociated with malicious or aberrant entities.
 17. Thecomputer-readable medium of claim 13, further wherein the intrinsic userdata includes one or more of a username, a type of browser used to makethe request, an age of the online account, and one or more cookies. 18.The computer-readable medium of claim 13, wherein the instructions, whenexecuted by the computer system, further cause the computer system toperform the method including evaluating, based on the intrinsic userdata, at least two of a time of the request, a frequency of the request,a type of browser used to make the request, an age of account, one ormore cookies, and a device finger print.